Hackers Compromise Microsoft GitHub Projects to Harvest AI Developer Credentials
Microsoft disabled dozens of GitHub repositories after a supply chain attack injected credential-stealing malware into open-source developer tools used with AI coding platforms. Learn what happened and the potential security risks.
Microsoft has restricted access to dozens of its open-source projects hosted on GitHub while investigating a security incident that appears to have allowed hackers to compromise the repositories and insert credential-stealing malware into the code.
Many of the affected repositories are linked to Microsoft’s Azure cloud platform and other developer-focused tools used with AI coding applications, including Claude Code, Gemini CLI, and Visual Studio Code.
Security company Cloudsmith and the community-driven malware analysis platform OpenSourceMalware were among the first to identify the breach. According to their findings, the malicious code enabled attackers to collect passwords and other sensitive credentials from users who opened the compromised tools through AI-assisted development environments.
It remains unclear how many users may have downloaded or interacted with the affected software before the repositories were taken offline.
Microsoft confirmed that it had removed access to the repositories, a development first reported by 404 Media.
Microsoft spokesperson Ben Hope said the company had “temporarily removed some repositories as we investigated potential malicious content.”
“Some of these repos have been restored after review, while others may remain offline while work continues,” Hope added.
He also said that Microsoft had contacted a limited number of customers who may have downloaded content from the affected repositories.
“As part of our investigation, we notified a small number of customers who may have pulled down content from the affected repositories. We will continue to investigate, and if anything further is identified that requires customer action, we will reach out directly through our established support channels,” Hope said.
The company did not disclose the exact number of customers potentially impacted by the incident.
At least 70 Microsoft-owned projects have reportedly been disabled. Users attempting to access those GitHub repositories are met with a notice stating that access has been disabled by GitHub staff due to a violation of the platform’s terms of service.
The incident represents the latest example of a software supply chain attack, a growing tactic in which attackers compromise widely used open-source projects to distribute malware to many users. Such attacks are particularly valuable to cybercriminals because developers and organisations using the compromised software often have access to cloud infrastructure, sensitive systems, and large volumes of customer data.
While independent open-source developers are frequently targeted through long-term campaigns designed to gain trust and access, incidents involving major technology companies are far less common. Large firms such as Microsoft generally have extensive security resources dedicated to protecting their software development environments.
According to Ars Technica, this marks the second known compromise of Microsoft open-source projects in recent weeks. In mid-May, security researchers reported that Durable Task, an open-source Microsoft project used to help developers build applications, had been breached. OpenSourceMalware described the latest incident as a “re-compromise” of the Durable Task project, raising the possibility that the original attackers were not fully removed or that an entirely separate breach occurred.
Microsoft has not yet provided additional details regarding the source of the compromise or the full scope of the investigation.